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DETAILED ACTION 



The instant application having Application No. 10/517574 filed on 12/9/2004 is 
presented for examination by the examiner. 



Oath/Declaration 

The applicant's oath/declaration has been reviewed by the examiner and is found 
to conform to the requirements prescribed in 37 C.F.R. 1.63. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 1 is rejected under 35 U.S.C. 101 as directed to non-statutory subject 
matter of software, perse. The claim lacks the necessary physical articles or objects to 
constitute a machine or manufacture within the meaning of 35 U.S.C. 1 01 . It is clearly 
not a series of steps or acts to be a process nor is there a combination of chemical 
compounds to be a composition of matter. As such, they fail to fall within a statutory 
category. It is at best, function descriptive material perse. 

Descriptive material can be characterized as either "functional descriptive 
material" or "nonfunctional descriptive material." Both types of "descriptive material" are 
non-statutory when claimed as descriptive material perse, 33 F.3d at 1360, 31 USPQ2d 
at 1759. When functional descriptive material is recorded on some computer-readable 
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medium, it becomes structurally and functionally interrelated to the medium and will be 
statutory in most cases since use of technology permits the function of the descriptive 
material to be realized. Compare In re Lowry, 32 F.3d 1579, 1583-84, 32 USPQ2d 
1031, 1035 (Fed.Cir. 1994). 

Merely claiming non-functional descriptive material, i.e., abstract ideas, stored on 
a computer-readable medium, in a computer, or on an electromagnetic carrier signal, 
does not make it statutory. See Diehr, 450 U.S. at 185-86, 209 USPQ at 8 (noting that 
the claims for an algorithm in Benson were unpatentable as abstract ideas because 
"[t]he sole practical application of the algorithm was in connection with the programming 
of a general purpose computer."). 

Claims 2, 4, and 6 are rejected under 35 U.S.C. 101 as non-statutory for at least 
the reason stated above. Claims 2, 4, and 6 are depended on claim 1 , however, they do 
not add any feature or subject matter that would solve any of the non-statutory 
deficiencies of claim 1 . 

Claim 7 is rejected under 35 U.S.C. 101 as directed to non-statutory subject 
matter. The language of the claim raises a question as to whether the claim is directed 
merely to an abstract idea that is not tied to a technological art, environment or machine 
which would result in a practical application producing a concrete, useful, and tangible 
result to form the basis of statutory subject matter under 35 U.S.C. 101 . 

The claimed invention is nothing more than an abstract idea that is not a 
practical application producing a useful, concrete, and tangible result. A claimed series 
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of steps or acts that do not result in a useful, concrete, and tangible result are not 
statutory within the meaning of 35 U.S.C. 101. 

Claims 8-15 are rejected under 35 U.S.C. 101 as non-statutory for at least the 
reason stated above. Claims 8-15 are depended on claim 7, however, they do not add 
any feature or subject matter that would solve any of the non-statutory deficiencies of 
claim 7. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-4 and 6-15 are rejected under 35 U.S.C. 102(e) as being anticipated by 
USPUB US 2002/0133586 A1 to Shanklin et al hereinafter Shanklin. 

As per claim 1 , Shanklin teaches an apparatus adapted to communicate via a 
network, comprising a firewall [0013], for identifying those packets associated with 
inappropriate activity [013]; and at least one user discernable indicator associated with 



said firewall (alert) [0018], for contemporaneously indicating that a number of packets 
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associated with said inappropriate activity have exceeded a threshold level [0074]. 
Shanklin explicitly teaches monitoring packets to check for compliance to rules and 
making decisions in real-time as to what the response should be. 

As per claim 2, Shanklin teaches that an activity is determined using a plurality of 
rules divided into classes (set of attack parameters) indicative of levels of 
inappropriateness [0074]. 

As per claim 3, Shanklin teaches an apparatus 
comprises at least one of a modem, a router, and a bridge [0080]. 

As per claim 4, Shanklin teaches and indicator comprises 
at least one visual indicator (alert to admin) [0105]. 

As per claim 6, Shanklin teaches one visual indicator comprises a highlighted 
icon (alert to admin) displayed on a computing device [0105]. 

As per claim 7, Shanklin teaches a method comprising: 
examining data traffic to determine whether at least one of a plurality of rules has been 
violated [0074], said rules defining indicators of inappropriate communication activity 
(parameters are exceeded indicating an attack is in progress in combination with rules 
and responding appropriately) [0074] ; and 

in the case of a rule of at least a first class of the plurality of rules being violated, filtering 
said data traffic violating said first class rule and triggering a user discernable indicator 
[0074]. Shanklin explicitly teaches monitoring packets to check for compliance to rules 
and making decisions in real-time as to what the response should be including a 
combination of an alert and blocking traffic. 
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As per claim 8, Shanklin teaches determining if a first threshold level of rule 
violation has been exceeded prior to filtering said data traffic [0074]. In one 
embodiment Shanklin teaches monitoring traffic and then if the numbers of packets 
exceed a safe level during a time, denying access to said packets. 

As per claim 9, Shanklin teaches determining if a first threshold level of rule 
[0076] violation has been exceeded prior to triggering the user discernable indicator 
(alert) [0074]. 

As per claim 10, Shanklin teaches in the case of a rule of a second class being 
violated, filtering said data traffic violating said second class rule [0078] and triggering 
the user discernable indicator [0074-0079]. Shanklin explicitly teaches different classes 
of threats and how to handle those threats based on rules set by an admin. Shanklin 
teaches there can be any number of these rule classes (including a second or third) and 
that different responses and even combinations of responses applicable based on the 
level of the threat. 

As per claim 1 1 , Shanklin teaches determining if a second threshold level of rule 
violation has been exceeded prior to filtering said data traffic [0076]. 

As per claim 12, Shanklin teaches determining if a second threshold level of rule 
violation has been exceeded prior to triggering the user discernable indicator [0074- 
0076]. 

As per claim 1 3, Shanklin teaches a case of a rule of a third class being violated, 
filtering said data traffic violating said third class rule; and 
triggering the user discernable indicator [0074-0079]. Shanklin explicitly teaches 
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different classes of threats and how to handle those threats based on rules set by an 
admin. Shanklin teaches there can be any number of these rule classes (including a 
second or third) and that different responses and even combinations of responses 
applicable based on the level of the threat. 

As per claim 14, Shanklin teaches determining if a third threshold level of rule 
violation has been exceeded prior to filtering said data traffic [0068 and 0035]. 

As per claim 1 5, Shanklin teaches determining if a third threshold level of rule 
violation has been exceeded prior to triggering the user discernable indicator [0073]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 1 02 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Shanklin 
in view of USPUB US 2002/0080784 A1 to Krumel hereinafter Krumel. 

As per claim 5 Shanklin teaches visual indicators including alerts being sent to a 
system administrator in the event of a security event of some kind. Shanklin is silent is 
explicitly disclosing that one type of alert could be a light emitting device proximate to 
the apparatus. Krumel teaches the use of light emitting diodes aka LEDs (light emitting 
devices) to provide visual feedback of the data protection system status [0108]. Krumel 
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also explicitly teaches that LEDs are preferable in providing alarm type information. It 
stands to reason that the LED must be proximate to the apparatus in order for the 
administrator to view such indicia. It would have been obvious to one of ordinary skill in 
the art at the time of the invention to modify the teachings of Shanklin with the teaching 
of Krumel. Specifically, incorporating the feature of Krumel with respect to LEDs as a 
means to alert the administrator of a security system in Shanklin. 

Claims 16 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shanklin in view of USP 6,1 85.624B1 to Fijolek et al, hereinafter Fijolek. 

As per claim 16, Shanklin teaches a firewall program having associated with it a 
set of rules [0074], said firewall program resident in said memory and executable by 
said controller (mid-network switching device i.e. Switch) to cause examining data 
(monitoring) of packets from said downstream (internal network) and upstream 
circuitry( internet) [0034] such that inappropriate activity above a threshold level results 
[0074] in the triggering for at least one visual indicator viewing by a user [0076-0079]. 
While Shanklin teaches that his invention is carried out in a mid-network switch device, 
he does not explicitly teach of a cable modem being used. He does give an example of 
a router which one of skill in the art would know performs certain basic hardware 
functions. One of skill in the art would also know a mid-network switching device has 
internal circuitry including a controller and memory. Fijolek teach the use of a cable 
modem which has all of these features (upstream, downstream, controller, memory, and 
able to communicate data packets across a network (col. 2, lines 5-10 and col. 8, 45- 
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55). Moreover, Fijolek teaches that his cable modem has management software 
whereby an admin can program it via a network. This is precisely the feature taught by 
Shanklin's invention. One skilled in the art could see that the cable modem of Fijolek 
can perform the methods of Shanklin's invention. One of ordinary skill in the art would 
have reasonable expectations of success and be motivated to protect the network from 
end to end. Therefore it would have been obvious to one of ordinary skill in the art at 
the time of the invention to modify the teachings of Shanklin with the teaching of Fijolek. 
Namely to use a cable modem as a mid-network switching device. 
As per claim 19, Shanklin teaches one visual indicator comprises a highlighted icon 
(alert message sent to admin) displayed on a computer device [0074-0079] 

Claims 17 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Shanklin and Fijolek as applied to claim 16 above, and further in view of USPUB 
2002/0080784 to Krumel. 

As per claim 17, Shanklin teaches visual indicators including alerts being sent to 
a system administrator in the event of a security event of some kind. Shanklin is silent 
is explicitly disclosing that one type of alert could be a light emitting diode. Krumel 
teaches the use of light emitting diodes aka LEDs to provide visual feedback of the data 
protection system status [0108]. Krumel also explicitly teaches that LEDs are preferable 
in providing alarm type information. It would have been obvious to one of ordinary skill 
in the art at the time of the invention to modify the teachings of Shanklin with the 



Application/Control Number: 10/517574 Page 9 

Art Unit: 2131 

teaching of Krumel by incorporating the LEDs of Krumel as a means to alert the 
administrator of a security system in Shanklin. 

As per claim 1 8, Shanklin teaches a visual indicator of alerting an admin when 
certain security rules and thresholds are exceeded [0074-0079]. Shanklin mentioned 
that the system monitors events and notifies the admin via a number of ways based on 
the security event. Shanklin and Fijolek are silent in disclosing that at least one visual 
indicator comprises a first LED for signifying a filtering event and a second LED for 
signifying filtering data packets deemed pernicious in a set of rules. Krumel teaches the 
use of LEDs to provide visual feedback of the data protection system status. More 
specifically Krumel teaches a multiple LEDs [0109] to provide feedback based on the 
event [0108]. As an example Krumel teaches using a first LED to indicate the protection 
system is filtering one or more packets. Krumel then teaches using a second LED to 
indicate the system is under attack [01 08]. It would have been obvious to one of 
ordinary skill in the art the time of the invention to modify the teachings of Shanklin and 
Fijolek with the teachings of Krumel. The use of LEDs as taught by Krumel would 
improve the feedback in the combined system of Shanklin and Fijolek. It would provide 
quick visual stimuli to alert the admin on what is occurring in their network. One of 
ordinary skill in the art would be motivated to respond to a threat as quick as possible. 
And knowing how severe the threat is based on the visual indicia prevents the case of 
over reacting to every single security event. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

USP 6,1 19,236 to Shipley teaches an intelligent network security device which 
operates in a LAN according to an intelligent network security method. The system 
looks for code and patterns of behavior and assigns a value to perceived attempted 
security breaches. The system then directs a firewall to take actions based on the 
breaches. 

USPUB US 2001/0044886 A1 to Cassagnol et al teaches relates generally to 
security in programmed devices, and, more particularly, to a method and apparatus for 
controlling access to confidential data stored in a memory. The disclosed method 
includes the steps of: defining a predetermined section of the programmable memory as 
a repository for confidential data; addressing the predetermined section of the 
programmable memory; calculating a number of data blocks in the predetermined 
section having a predetermined characteristic; comparing the calculated number to a 
threshold value; and defining the memory as including confidential data in the 
predetermined section if the calculated number has a predetermined relationship to the 
threshold value. 

Any inquiry concerning this communication or earlier communications from the 
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examiner should be directed to MICHAEL VAUGHAN whose telephone number is 571- 
270-7316. The examiner can normally be reached on Monday - Friday, 7:30 am - 
5:00pm, EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. V./ 

Examiner, Art Unit 2131 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 
/Ayaz R. Sheikh/ 
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Supervisory Patent Examiner, Art Unit 2131 



